The findings concluded that 70% of businesses felt there was room for improvement when it came to their business’ data, with 40% admitting they did not have a cybersecurity strategy in place.
This is despite the fact that 84% said that they have a dedicated employee charged with managing IT and cybersecurity.
IT infrastructure and business support company Xperience Group, through director of cloud Services & Infrastructure Richard Kennedy, provided the following comment on the findings:
“Unfortunately, it’s not surprising that 40% of SMEs don’t have a security strategy in place, especially as businesses are more vulnerable than ever to an attack, due to the evolution of the threat landscape.
“Employee education, training and the implementation of technologies such as automated patch management, intrusion prevention and anti-virus/malware services are of paramount importance.”
Despite the risks, only 53% admitted to conducting a security audit on their system in the past three months
With cyber-attacks on the rise and many high-profile businesses, as well as SMEs, finding their data compromised, it seems that the rising threat level is not enough to give businesses the push they need to take greater care over their IT security.
About half (51%) revealed that their business is at risk of a cyber-attack, with 92% admitting that they had experienced a data and/or security breach in the past six to 12 months.
Nevertheless, a majority of businesses have confidence in their preparedness. Some 67% said they felt ‘somewhat prepared’ to deal with such a cyber incident, and 87% were confident in the current security systems and protocols they have in place to prevent attacks.
Such confidence jars somewhat with apparent widespread negligence in auditing systems for vulnerabilities.
Despite the risks posed from a cyber-attack and the concern that businesses have over their security practices, only 53% admitted to conducting a security audit on their system in the past three months, with 11% saying that they could not remember the last time they had done so.
The General Data Protection Regulation (GDPR), which comes into force in May 2018, requires that businesses must appoint a data protection officer if handling sensitive data on a large scale or monitoring EU citizens’ data.
If breaches occur, they need to be reported to an appointed authority within 72 hours of detection. Organisations must also only process personal data when necessary and ensure that they have the correct systems in place to safeguard data.
GDPR is set to transform how data is handled. For businesses exposing themselves to great risk of cyber-crime through mismanagement and poor practices could be landed with a fine that is potentially 79 times higher than those levied under the existing data protection regime.
Furthermore, with government estimates finding that an attack can cost businesses between £75 and £311,000 through a combination of compensation payouts, disruption and lost sales – cybersecurity is an area which businesses cannot afford to ignore.
